cgi.http_host as a domain name variable?


Brandon Rees

Sep 2, 2015, 1:50:17 PM
to Chicagoland ColdFusion Users Group
Hello,

Is it safe to use cgi.http_host as a domain name variable? For example, I have a redirect on a page, and I want to do this:

<cfheader statuscode="302" statustext="Temporarily Moved" />
<cfheader name="Location" value="http://#cgi.http_host#" />

instead of this:

<cfheader statuscode="302" statustext="Temporarily Moved" />
<cfif findNoCase("test",cgi.http_host)>
    <cfheader name="Location" value="http://test.website.com/" />
<cfelse>
    <cfheader name="Location" value="http://www.website.com/" />
</cfif>

Safe, or better way?

Thanks!

Brandon

Daniel Garcia

Sep 2, 2015, 1:56:12 PM
to cc...@googlegroups.com
Brandon,

You can do that, and many people do, but CGI variables can be spoofed, which means someone could monkey with the process. The odds of that happening are probably pretty low.

Are there a lot of domains you are dealing with? If not, you can probably just hardcode it like you showed. If you find yourself having to maintain more and more of these, you can always turn them into variables and move them all into a shared include or your application file.

-Daniel

Daniel Garcia
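
An added example, not code from the thread: cgi.http_host is used only as a lookup key into a fixed list of known hosts, and the Location value always comes from that list, so a forged Host header cannot choose the redirect target. The function name resolveRedirectBase and the fallback to www.website.com are assumptions; the host names are the ones in Brandon's post.

```cfml
<cfscript>
// Added example. resolveRedirectBase is a hypothetical helper name and the
// fallback URL is an assumption; host names are taken from the original post.

/**
 * Returns a redirect base URL chosen from a fixed allowlist.
 * The client-supplied Host header is never copied into the response.
 */
function resolveRedirectBase(required string rawHost) {
    // Allowlist: request host -> base URL we are willing to redirect to.
    var allowed = {
        "test.website.com": "http://test.website.com/",
        "www.website.com":  "http://www.website.com/"
    };
    // Used when the header is missing, empty, or not a host we serve.
    var defaultBase = "http://www.website.com/";

    // Normalise: trim, lower-case, drop an optional :port suffix.
    var host = lCase(trim(arguments.rawHost));
    host = reReplace(host, ":[0-9]+$", "");

    // Exact match only, so a host that merely contains an allowed
    // name is not accepted.
    if (len(host) and structKeyExists(allowed, host)) {
        return allowed[host];
    }
    return defaultBase;
}

redirectBase = resolveRedirectBase(cgi.http_host);
</cfscript>
<cfheader statuscode="302" statustext="Temporarily Moved" />
<cfheader name="Location" value="#redirectBase#" />
```

Adding an environment means adding one entry to the allowlist, which can live in the application file as suggested above.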

Brandon Rees

Sep 2, 2015, 2:05:46 PM
to Chicagoland ColdFusion Users Group
Actually, in this case, I am in my application component - we have one site that is not fully responsive, so we redirect mobile users to a more friendly page. (I know, yuck.) I dumped the pages into our test environment before catching it, and of course, I got a 404 because the page to which I'm redirecting isn't in production yet (but that's where the redirect points).

Thanks for the ultra quick response. Hope all is well. Looking forward to the next CFUG.